mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Add profile_id parameter to 'request_certificate'
Add the profile_id parameter to the 'request_certificate' function and update call sites. Also remove multiple occurrences of the default profile ID 'caIPAserviceCert'. Part of: https://fedorahosted.org/freeipa/ticket/57 Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
parent
c09bd35e7c
commit
4cf2bfcaa6
@ -90,7 +90,7 @@ def assert_equal(trial, reference):
|
|||||||
|
|
||||||
|
|
||||||
api.log.info('******** Testing ra.request_certificate() ********')
|
api.log.info('******** Testing ra.request_certificate() ********')
|
||||||
request_result = ra.request_certificate(csr)
|
request_result = ra.request_certificate(csr, ra.DEFAULT_PROFILE)
|
||||||
if verbose: print "request_result=\n%s" % request_result
|
if verbose: print "request_result=\n%s" % request_result
|
||||||
assert_equal(request_result,
|
assert_equal(request_result,
|
||||||
{'subject' : subject,
|
{'subject' : subject,
|
||||||
|
@ -436,7 +436,7 @@ class cert_request(VirtualCommand):
|
|||||||
|
|
||||||
# Request the certificate
|
# Request the certificate
|
||||||
result = self.Backend.ra.request_certificate(
|
result = self.Backend.ra.request_certificate(
|
||||||
csr, request_type=request_type)
|
csr, 'caIPAserviceCert', request_type=request_type)
|
||||||
cert = x509.load_certificate(result['certificate'])
|
cert = x509.load_certificate(result['certificate'])
|
||||||
result['issuer'] = unicode(cert.issuer)
|
result['issuer'] = unicode(cert.issuer)
|
||||||
result['valid_not_before'] = unicode(cert.valid_not_before_str)
|
result['valid_not_before'] = unicode(cert.valid_not_before_str)
|
||||||
|
@ -47,6 +47,8 @@ INCLUDED_PROFILES = {
|
|||||||
(u'caIPAserviceCert', u'Standard profile for network services', True),
|
(u'caIPAserviceCert', u'Standard profile for network services', True),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
DEFAULT_PROFILE = u'caIPAserviceCert'
|
||||||
|
|
||||||
class Dogtag10Constants(object):
|
class Dogtag10Constants(object):
|
||||||
DOGTAG_VERSION = 10
|
DOGTAG_VERSION = 10
|
||||||
UNSECURE_PORT = 8080
|
UNSECURE_PORT = 8080
|
||||||
|
@ -386,7 +386,7 @@ class CertDB(object):
|
|||||||
# We just want the CSR bits, make sure there is nothing else
|
# We just want the CSR bits, make sure there is nothing else
|
||||||
csr = pkcs10.strip_header(csr)
|
csr = pkcs10.strip_header(csr)
|
||||||
|
|
||||||
params = {'profileId': 'caIPAserviceCert',
|
params = {'profileId': dogtag.DEFAULT_PROFILE,
|
||||||
'cert_request_type': 'pkcs10',
|
'cert_request_type': 'pkcs10',
|
||||||
'requestor_name': 'IPA Installer',
|
'requestor_name': 'IPA Installer',
|
||||||
'cert_request': csr,
|
'cert_request': csr,
|
||||||
|
@ -1284,6 +1284,8 @@ class ra(rabase.rabase):
|
|||||||
"""
|
"""
|
||||||
Request Authority backend plugin.
|
Request Authority backend plugin.
|
||||||
"""
|
"""
|
||||||
|
DEFAULT_PROFILE = dogtag.DEFAULT_PROFILE
|
||||||
|
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
if api.env.in_tree:
|
if api.env.in_tree:
|
||||||
self.sec_dir = api.env.dot_ipa + os.sep + 'alias'
|
self.sec_dir = api.env.dot_ipa + os.sep + 'alias'
|
||||||
@ -1541,9 +1543,10 @@ class ra(rabase.rabase):
|
|||||||
return cmd_result
|
return cmd_result
|
||||||
|
|
||||||
|
|
||||||
def request_certificate(self, csr, request_type='pkcs10'):
|
def request_certificate(self, csr, profile_id, request_type='pkcs10'):
|
||||||
"""
|
"""
|
||||||
:param csr: The certificate signing request.
|
:param csr: The certificate signing request.
|
||||||
|
:param profile_id: The profile to use for the request.
|
||||||
:param request_type: The request type (defaults to ``'pkcs10'``).
|
:param request_type: The request type (defaults to ``'pkcs10'``).
|
||||||
|
|
||||||
Submit certificate signing request.
|
Submit certificate signing request.
|
||||||
@ -1575,7 +1578,7 @@ class ra(rabase.rabase):
|
|||||||
http_status, http_reason_phrase, http_headers, http_body = \
|
http_status, http_reason_phrase, http_headers, http_body = \
|
||||||
self._sslget('/ca/eeca/ca/profileSubmitSSLClient',
|
self._sslget('/ca/eeca/ca/profileSubmitSSLClient',
|
||||||
self.env.ca_ee_port,
|
self.env.ca_ee_port,
|
||||||
profileId='caIPAserviceCert',
|
profileId=profile_id,
|
||||||
cert_request_type=request_type,
|
cert_request_type=request_type,
|
||||||
cert_request=csr,
|
cert_request=csr,
|
||||||
xml='true')
|
xml='true')
|
||||||
|
@ -67,11 +67,12 @@ class rabase(Backend):
|
|||||||
"""
|
"""
|
||||||
raise errors.NotImplementedError(name='%s.get_certificate' % self.name)
|
raise errors.NotImplementedError(name='%s.get_certificate' % self.name)
|
||||||
|
|
||||||
def request_certificate(self, csr, request_type='pkcs10'):
|
def request_certificate(self, csr, profile_id, request_type='pkcs10'):
|
||||||
"""
|
"""
|
||||||
Submit certificate signing request.
|
Submit certificate signing request.
|
||||||
|
|
||||||
:param csr: The certificate signing request.
|
:param csr: The certificate signing request.
|
||||||
|
:param profile_id: Profile to use for this request.
|
||||||
:param request_type: The request type (defaults to ``'pkcs10'``).
|
:param request_type: The request type (defaults to ``'pkcs10'``).
|
||||||
"""
|
"""
|
||||||
raise errors.NotImplementedError(name='%s.request_certificate' % self.name)
|
raise errors.NotImplementedError(name='%s.request_certificate' % self.name)
|
||||||
|
Loading…
Reference in New Issue
Block a user